Fletcher Cocquyt <[email protected]> writes:

> Is this a design limitation? Which is weird since it seems like a
> common use case to combine IP address into the LOA?

I personally don't see a defensible security justification for allowing the originating IP address to influence the LoA. It's just too trivial to compromise a random system on campus, spoof traffic, find an open proxy, or otherwise rewrite one's IP address as desired. IP-based restrictions don't add much real security, and therefore I don't believe should affect the level of assurance.

--
Russ Allbery <[email protected]>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
